A HomeKit vulnerability in the current version of iOS 11.2 has
been demonstrated to 9to5Mac that allows unauthorized control of
accessories including smart locks and garage door openers. Our
understanding is Apple has rolled out a server-side fix that now
prevent unauthorized access from occurring while limiting some
functionality, and an update to iOS 11.2 coming next week will
restore that full functionality.

The vulnerability, which we won’t describe in detail and was
difficult to reproduce, allowed unauthorized control of
HomeKit-connected accessories including smart lights, thermostats,
and plugs.

The most serious ramification of this vulnerability prior to the
fix is unauthorized remote control of smart locks and connected
garage door openers, the former of which was demonstrated to
9to5Mac.

Fast response from Apple, but this kind of story spooks me from installing smart locks. I realize that’s not entirely rational — good old fashioned dumb locks are susceptible to lock-picking — but something about hooking up the locks to my house to the internet just doesn’t feel right.